Identity Theft Crimes By the Numbers

A new study was just released that looked at the instances of identity theft in 2016. This research shows that a whopping $16 billion was stolen that year, and it affected 15.4 million people. This is concerning because in 2015, the numbers were lower: $15.3 billion stolen and 13.1 million affected.

You might think this only comes from credit card fraud, but it doesn’t. Additionally, it comes from new account fraud. This is when a cybercriminal opens a new financial account by using stolen personal information, such as a name and Social Security number, from their victims.

Fraud Complaints and the New Identity Theft

The Consumer Sentinel Network, which is a part of the FTC (Federal Trade Commission) has been tracking instances of fraud and identity theft complaints.

There were 3.1 million complaints logged in 2016, and 1.3 million of those were fraud related.

These instances cost consumers almost $745 million.

The highest reported complaint category was debt collection complaints at 66 percent of all fraud complaints.

13 percent of all complaints were due to identity theft.

Becoming Aware of Cybercrime

As more and more businesses depend on computer networks and electronic data for day to day tasks, more and more personal information is also being sent. This, of course, leaves information exposed to cybercriminals and sets companies up for data breaches.

All companies are at risk for this, even those that might seem impenetrable:

In 2015, both Anthem and Premera Blue Cross were breached. This breach exposed the personal data of more than 90 million people.

The U.S. Government has also been breached several times and over several departments. Approximately 22 million people were affected.

The instances of breaches are growing year after year. There were 780 in 2015, and 1,093 in 2016.

Cybercriminals are mostly targeting businesses, but medical/healthcare companies made up 34.5 percent of the total breaches in 2016. The education industry made up 9 percent of all breaches, and the U.S. government/military made up 6.6 percent of all breaches.

As of December 27, 2017, there have been 1,339 breaches over the year, and 174 million personal records were exposed.

The actual release of data is only part of the story, however. These breaches also affect these companies financially. In 2014, the Center for Strategic and International Studies partnered with McAfee to release the following information:

The average cost of cybercrime in 2015 was $15 million, which rose from $12.7 million in 2014.

The costs per company ranged from $1.9 million to $65 million.

To combat this, there has been a rise among insurance companies offering cyber insurance. There are more than 60 companies offering cybercrime insurance, which made up about $2.75 billion written premiums in 2015. In 2016, this number rose to $3.25 billion.

Identity Theft on the Rise

No matter how you look at it, identity theft is definitely on the rise. According to the Javelin Strategy & Research report, in 2015, identity thieves had 1.5 million victims, which was doubled from 2014.

With the introduction of chip cards, it was thought by many people that these numbers would fall. However, cybercriminals are crafty, and instead of simply focusing on credit cards, they got creative and looked into different opportunities. Honestly, all an identity thief needs is your Social Security number and the door is pretty wide open. Once they find that, the rest of the necessary information, such as a name and address, is easy to find. They use this information to open new accounts in the victim’s names, and the following scenarios can happen:

Months, or even years, pass without the victim realizing there are bank or credit card accounts opened in their name.

Some victims never find out that their information has been compromised.

It’s also totally possible that the banks don’t even realize that these accounts are fraud.

One of the most popular scams out there that identity thieves love is to create a fake identity. This, too, is quite crafty though. They basically create an identity partially based on stolen information and partially made up. So, for instance, they might use your Social Security number, but a made-up address and name. This is called a synthetic ID. Banks don’t even realize it’s happening, and cybercriminals know it’s difficult to catch them in the act.

Crimes Using Synthetic IDs

There are two ways that cybercriminals use this information. First is called ID manipulation, which is where they use a stolen identity, but fill it out with made up information. This helps them to avoid getting caught. The second thing they might do is called quick synthetics. This is when they take information from a number of real victims, and then use that information to create a single, new identity.

How Can Banks Stop This?

Though it’s difficult to detect, there are some things that banks can do to stop these crimes:

Start analyzing cell phone data to see if there are any noticeable patterns. Many cybercriminals use prepaid VoIP phones that they can simply throw out.

Look at email history. New email addresses for old accounts are often a sign of fraud. It is also a sign of fraud if an email address doesn’t match up with a customer’s mobile device.

Engage companies like ID Analytics, which “score” client data based on known legitimate records.

How Can Credit Card Issuers Stop This?

Credit card issuers can also take steps to stop this type of crime:

Do more thorough identity checks before issuing credit.

Look for red flags, i.e. the same address for multiple customers.

Do more than one risk assessment. If there is a change after a couple of days, it’s a sign that there could be something wrong.

How Can You Stop This?

Synthetic identity theft is difficult to pinpoint sometimes. For instance, an identity thief might be using your Social Security number, but not your name. This means you might never realize that you are a victim. But, there are things you can do to keep yourself safe:

Freeze your credit. This helps to prevent any new accounts from being opened with your name and SSN.

The takeaway here is that both banks and credit card companies have to do a better job at not only monitoring accounts ​but also approving new accounts. Though you can do a small part yourself, they have to step up to the plate, too.